From 590311f89d82aeeb9529d06230b30d59e6526c6d Mon Sep 17 00:00:00 2001
From: CircleCI Atomic Red Team GUID generator
Date: Fri, 28 May 2021 15:41:55 +0000
Subject: [PATCH] Generate GUIDs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
---
 atomics/T1552.007/T1552.007.yaml | 1 +
 atomics/T1610/T1610.yaml | 1 +
 atomics/T1611/T1611.yaml | 1 +
 atomics/used_guids.txt | 3 +++
 4 files changed, 6 insertions(+)
diff --git a/atomics/T1552.007/T1552.007.yaml b/atomics/T1552.007/T1552.007.yaml
index 48eb8526..c52c1078 100644
--- a/atomics/T1552.007/T1552.007.yaml
+++ b/atomics/T1552.007/T1552.007.yaml
@@ -22,6 +22,7 @@ atomic_tests: elevation_required: false - name: Cat the contents of a Kubernetes service account token file + auto_generated_guid: 788e0019-a483-45da-bcfe-96353d46820f description: | Access the Kubernetes service account access token stored within a container in a cluster.
diff --git a/atomics/T1610/T1610.yaml b/atomics/T1610/T1610.yaml
index b5ee0218..f78a25ac 100644
--- a/atomics/T1610/T1610.yaml
+++ b/atomics/T1610/T1610.yaml
@@ -4,6 +4,7 @@ display_name: "Deploy Container" atomic_tests: - name: Deploy container using nsenter container escape + auto_generated_guid: 58004e22-022c-4c51-b4a8-2b85ac5c596b description: | In this escape `kubectl` is used to launch a new pod, with a container that has the host pids mapped into the container (`hostPID:true`). It uses the alpine linux container image. It runs with privilege on the host (`privileged:true`). When the container is launched the command `nsenter --mount=/proc/1/ns/mnt -- /bin/bash` is ran. Since the host processes have been mapped into the container, the container enters the host namespace, escaping the container.
diff --git a/atomics/T1611/T1611.yaml b/atomics/T1611/T1611.yaml
index 99fbfac1..f68cda11 100644
--- a/atomics/T1611/T1611.yaml
+++ b/atomics/T1611/T1611.yaml
@@ -4,6 +4,7 @@ display_name: "Escape to Host" atomic_tests: - name: Deploy container using nsenter container escape + auto_generated_guid: 0b2f9520-a17a-4671-9dba-3bd034099fff description: | In this escape `kubectl` is used to launch a new pod, with a container that has the host pids mapped into the container (`hostPID:true`). It uses the alpine linux container image. It runs with privilege on the host (`privileged:true`). When the container is launched the command `nsenter --mount=/proc/1/ns/mnt -- /bin/bash` is ran. Since the host processes have been mapped into the container, the container enters the host namespace, escaping the container.
diff --git a/atomics/used_guids.txt b/atomics/used_guids.txt
index 92eef968..7d1c8c5d 100644
--- a/atomics/used_guids.txt
+++ b/atomics/used_guids.txt
@@ -701,3 +701,6 @@ f2fa019e-fb2a-4d28-9dc6-fd1a9b7f68c3
 d03bfcd3-ed87-49c8-8880-44bb772dea4b
 129edb75-d7b8-42cd-a8ba-1f3db64ec4ad
 e2d85e66-cb66-4ed7-93b1-833fc56c9319
+788e0019-a483-45da-bcfe-96353d46820f
+58004e22-022c-4c51-b4a8-2b85ac5c596b
+0b2f9520-a17a-4671-9dba-3bd034099fff
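Review bot: The T1611 test that receives `0b2f9520-a17a-4671-9dba-3bd034099fff` has the same name and description text as the T1610 test that receives `58004e22-022c-4c51-b4a8-2b85ac5c596b` in this patch, so the GUID is the only field visible here that tells the two apart. Execution logs or detection results keyed on the test name cannot show which technique was exercised. Either key results on `auto_generated_guid`, or give the T1611 entry a distinct name such as `- name: Escape to host using nsenter from a privileged container`. Both test definitions continue outside their hunks, so whether the executors also match cannot be confirmed from here.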